On Mon, Aug 16, 2021 at 11:05:00PM -0500, Daniel Lewart wrote: > Debian Developers, > > First, thank you to Ansgar, et al, for changing > <suite>/updates to <suite>-security ! > > There are a variety of Debian security repository URIs published. > Below are four of them and some authoritative URLs that use them. > This inconsistency is confusing. > > Which URI is best? > > #2 and #4 are eliminated by the following: > * Re: Rename security suite to *-security > https://lists.debian.org/debian-devel/2015/12/msg00333.html > * #758316 - APT: Use HTTPS by default: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758316 > > That leaves two candidates for the canonical URI: > * http://deb.debian.org/debian-security > * http://security.debian.org/debian-security > > Is there consensus as to which one is preferred? > > If so, I will try to get the non-canonical URIs changed.
Note that my opinion is not authoritative in any way, but for years I have been under the impression that the security updates repository is intentionally not supposed to be mirrored with the idea that a mirror admin getting distracted for a couple of days will not lead to users not receiving security updates - the idea that Apt will always, always query the central host for security updates in particular. Of course, this places a bit more bandwidth/performance demands on security.debian.org, so maybe my view has become outdated and it is okay to use a mirror for the security repository; just thought I'd mention that. G'luck, Peter -- Peter Pentchev r...@ringlet.net r...@debian.org p...@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
signature.asc
Description: PGP signature
